From YouTube: Kubernetes sig-aws 20171103
A
Good morning, everyone. This is SIG AWS. Today is November 3rd, 2017. Happy Friday, everyone, and we have a couple of items on the agenda. Please do add any other items you already have, but first off we have a very exciting item, which is Mica is gonna give us a demo of the NLB support he has been working on, so.
B
B
B
Let's go to EC2. Okay, just to knows, they're both called Goonies master, but one's a master, one's a worker, and I have overridden the controller manager pod with my fork. So that's going to be running the controller manager to create the NLB. So I've got, this is a little bit of a hack, and this is not going to be the final deployment structure. I'm going to end up supporting only local, like cluster traffic, but show off just a deployment and a service really quick.
B
A
A
B
A
A
B
C
So I, we had helped. You announced this project called Contour, which is an ingress controller based on Envoy, and one of the things that I did as part of that was play around with getting an LD set up to go to Contour running, using host networking to reduce, like, the number of hops. Yeah, it ends up being a much shorter path, and I think is gonna be a great solution as this stuff gets more mature.
C
D
C
B
B
B
B
B
B
B
B
C
B
I'll go, that's a good point. Point, I'll go over that really quick. So in, with classic ELB, what Kubernetes does is it creates a security group, or you specify one, for the ELB, and then whitelists from the ELB security group to the instance security group traffic, and that's really helpful in some ways for cleanup, because you can just look: what are all the security groups, node security groups I have that have a rule to my ELB security group? And with NLB.
B
The way Amazon has it set up is that you have a whitelist for your node port, essentially from the VPC for health checks, and then, whatever client addresses, you have to whitelist from whatever the client address is, like the public IP, to the instance. So what we've done, what I've done is, I mean, that's over to, like, it's okay. This is the group. I've got two predefined rules for all traffic intra-cluster, all traffic from my home IP and for my VPN, but Kubernetes, what I've done is just sort of overloaded.
B
This description field with a client description for client traffic, and then health check description, and then a rule for MTU discovery. So that's kind of the field I'm using to signal the Kubernetes for creation and cleanup what IP ranges are allowed, and so we can correctly clean those up. That make sense? Yeah.
C
I think one of the implications here is, and this is one of those things that is a bit scary, is if you do default things like start up instances on a public, you know, public subnet with public IP addresses, then after you do this, you can reach those instances directly without going through the load balancer, right? So this is actually, like, you're kind of like opening up instances directly outside the load balancer, so really means that you want it.
C
You want to make sure those nodes don't have public IP addresses, or they're there on a private subnet, and not everything does that. Right, exactly. So it's, there's some big red flashing warning signs here for users, depending on how they set up their networks. Right, I'm, totally right, okay, I.
B
B
B
Recall that. Okay, so what I'm is now creating a deployment on the left that doesn't use host network and actually just uses whatever port the pod wants. I'm just specifying 3000 in this case, and then over here on the service, I'm going to create a service with external traffic policy set to local. So let me go ahead and just, so we don't have any problems.
B
B
B
B
B
B
B
A
B
B
Yes, is if, if you're using, if you're specifying the, what does it, forget which field on the, then sort of spec for hosts, for client-side or ranges, this is, yeah, you're right. It's a per port, per backend port that you have, you're gonna have a, well, if you do host only or a host, external traffic policy is local, you're just gonna have one health check port, because it's one port for all the backend services.
B
But if you have multiple ports on your service, you're gonna have, and you don't have the external traffic policy set to local, you're going to have a health check per backend port and you're gonna have a site or front-end. For, so that's definitely something to be aware of. There's a lot of gotchas with this. In that case, I'm.
A
C
B
C
C
There, but there then, is the assumption here: are you going through and you're finding all the security groups for, across all the nodes, finding the sort of ratings out of those security groups and then modifying those? Yeah? Ok, so that way, if you have different node pools with different security groups, you're modifying both sets of Notables. That's correct.
B
B
C
So if you're doing host networking your meet the court explicitly, it might be worthwhile having an annotation that says, don't muck with security groups at all, trust me, I got this. Right, because in that case, you know, you may want to, like, at least have an escape to be able to turn that stuff off. Just because mucking with security groups is like a dangerous thing. Yeah, it's their money. It might be, that might be a safety thing to have. It's like.
A
B
That's a good, that's a really good point. Yeah, for, I think for an initial PR we can, I mean, we can leave it at it, as is, and then add, you know, the same way that we specify, you can specify for classic load balancers, like, this is my one security group for load balancers, you could be, we could, you know, do something very similar and attach that SG to all the instances that you specify.
C
And the other thing that I noticed is in the host networking case, you created a security group rule entry for both the health check port, health check range and in the IP range. At some point it might be worth doing the enhancement to actually say, hey, is, you know, is one a subset of the other, and actually collapse that down, right? Because, like, if you, because a common case is going to be like, hey, like, open this stuff up to the world, right, in which case it's your subnet, right, for, yeah.
B
B
Yeah, that's a really good point. Like, know that, that would make it just easier to, yeah. Just, I mean, just less security groups, totally. Right, and the one other thing too I'm doing is I'm not consolidating target groups based on the backend port. So say you have 443 or 80 80 to 80 and 80 days. There's two target groups right now. It's a little bit easier to reason about in terms of cleanup, but like there's no reason we, you know, we could, we couldn't consolidate that.
B
A
B
C
B
C
C
A
A
That's because I'm looking at the wrong week, you talked about that last week. Are we gonna talk about it again? It's great every once you check it out. It's like well worth, like, yeah, I will recap that. It is, it is good and it's going to be like a good, like, I went, it starts at Kubernetes 101 and it goes up from there, and it's so I. Don't, I haven't seen it, that information collated anywhere else.
A
B
A
Date, which is I think in two or three weeks, but I think this, the feature freezes long past that. I believe, I'm pretty sure we got this in anyway. It, yeah. If we screwed that up technically, then we will address that. But I'm pretty sure we mentioned this, so this was well known and, yeah, I think I, I.
A
A
There should be no impact for people that are not using it. So I don't think we have a problem. Getting, you know, cool, thanks. We'll call it alpha. Whether or not we, whether or not we make the annotation alpha is a broader discussion, which I don't particular one I have again. I don't think I says anything else they want to discuss. Otherwise we just have an awesome demo on a Friday, and everyone gets an extra 20 minutes story.
A
Five minutes back. Well, that's great. I presume everyone is excited about the upcoming AWS cycle, release season, or sort of like the Oscars season for the cloud, where all the good features get dumped out in the next two months. So yeah, we'll see what happens. It should be an interesting couple of months. I will help CF on it at KubeCon, I'm sure a lot of people will be it.